Mac attack: Bot herders going after Apple computers

Mac users, your time has come. Macs have long been immune to virus and trojan attacks arriving over internet connections, but bot herders have found a way to infest them: via pirated software.

The finger is being pointed at BitTorrent, a popular peer-to-peer site that enables users to share large files, as the avenue by which pirated copies of Apple's iWork '09 and Adobe Photoshop CS4 were downloaded onto Mac computers. The applications reportedly work, but embedded in their code is a trojan called OSX.Iservice.

Joris Evers, a spokesman for McAfee, explained in an email to SCMagazineUS.com on Friday that this Mac trojan was first found in January and installs remote control software on the Mac. This prompts it to begin contacting other hosts in its P2P network for commands, including what may be a first in the Mac world: the launch of denial-of-service attacks capable of bringing down websites or web servers.

Researchers Mario Ballano Barcena and Alfredo Pesoli at Symantec, Ireland, writing in the April 2009 issue of the Virus Bulletin [subscription needed], describe this as the “first real attempt to create a Mac botnet.”

The trojan going after Macs, dubbed the iBotnet by the Symantec researchers, infected relatively few computers, a few thousand, before it was identified, though some estimates place the figure in the tens of thousands. Experts at security firms say the trojan can be easily removed once it has been identified.

"Quite frankly there is no functionality in this 'bot' that we have not seen before," said Dave Marcus, head of research and communications at McAfee Avert Labs, in a blog post. "The only thing of concern is that it affects the Mac platform, which certainly is fresh territory."

Up until this incident, Apple computers have been relatively free of viruses and trojans. With a single-digit share of the PC market, Macs had escaped attention. Cyberthieves were after big targets to create the biggest network possible, experts explain, and that meant going after Windows-based machines. The recent Conficker worm, for example, is believed to have spread to as many as 12 million machines.

But, as Randy Abrams, director of technical education at ESET, pointed out to SCMagazineUS.com on Friday, the market for computers is so huge now that even an 8 or 9 percent market share is a big number.

"There are enough Macs out there now that it's not much of a leap of faith to see people switch to Macs in an attempt to make money," he said.

The primary way they do that, he explained, is through extortion. After their denial-of-service attack shuts down a website, the bad guys will approach the company with a ransom demand to get the site back up. This is a particularly effective method with gambling sites, for example, which lose a lot of money being offline.

Then too, there's the fact that there's a lot less anti-virus software for the Mac, Abrams adds. "The Mac community has been led to believe they don't need AV," he said.

But that may be about to change as the market for Macs increases and more vendors of anti-virus products are looking at offerings for the Mac system.

"Mac users are no less susceptible to social engineering than Windows users," said ESET's Abrams. "They are as exploitable and have as much greed as Windows users."

To avoid these sorts of traps, Abrams said that educating computer users is the key. He recommended a website from the National Cyber Security Alliance, www.staysafeonline.org, for all computer users to learn best practices and gain a better understanding of what to look out for.
